Open swidup opened 1 year ago
CommuteAir, HQ: North Olmsted, OH, NAICS: 48488, EMP: 900. An unsecured Amazon Web Services Cloud development server was hacked by Swiss developer and computer hacker “Maia Arson Crimew” (aka Tillie Kottmann). Crimew utilized the “Shodan” search engine looking for Jenkins servers, which aid in building, testing, and development of software. Crimew reported her access Jan 19, 2023 on the dark web. The server contained a four-year-old Terrorist Screening database and No Fly List database that was used for testing the server. These databases contained 1,500,000 entries: names, date of birth, aliases and varied spellings of them, (number of unique individuals less than 1,500,000). Data for 1473 employees was also revealed: passport numbers, addresses, phone numbers, last four digits of social security number. Company data exposed: user credentials to more than 40 Amazon S3 buckets and servers, and a Selectee list of 250,000 individuals for further security screening. CommuteAir reported the breach occurred Jan 15, 2023, was discovered Jan 17, 2023 and consumer notification on Jan 18, 2023.
https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/